Microsoft recently released an update (2616676), adding six additional DigiNotar root certificates that are cross-signed by Entrust and GTE, to the Untrusted Certificate Store. Update 2616676 supersedes 2607712 and contains the full list of certificates which are:
- DigiNotar Root CA
- DigiNotar Root CA G2
- DigiNotar PKIoverheid CA Overheid
- DigiNotar PKIoverheid CA Organisatie - G2
- DigiNotar PKIoverheid CA Overheid en Bedrijven
- DigiNotar Root CA Issued by Entrust (2 certificates)
- DigiNotar Services 1024 CA Issued by Entrust
- Diginotar Cyber CA Issued by GTE CyberTrust (3 certificates)
Also, the Redmond company just published the September Security Bulletin Webcast Questions & Answers page.
"We fielded 15 questions primarily regarding the Diginotar Certificate compromise and the associated Security Advisory. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page," said the MSRC.
Below is a deployment priority guidance to further assist customers in their deployment planning of Security Advisory 2607712 (click for larger view):
Here is the risk and impact graph shows an aggregate view of this month's severity and exploitability index ratings of Security Advisory 2607712 (click for larger view):